• IBM i PTF Guide, Volume 25, Number 17

  April 24, 2023 Doug Bidwell

  There are a lot of PTFs that you need to be aware of this week, but before we get into them, there are two security vulnerabilities, one affecting the IBM i platform’s integrated Apache Web server and the other affecting the combination of IBM i Access Client Solutions combined with the IBM Toolbox for Java. Let’s get into the security bulletins to start.

  First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001), which you can find out more about at this link …

  Read more

• IBM i PTF Guide, Volume 25, Number 16

  April 17, 2023 Doug Bidwell

  In a rare occurrence, there are no updates to the PTF Groups for the currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – but there sure are a whole bunch of security vulnerabilities that IBM i shops have to deal with.

  First, there are two of them dealing with WebSphere Application Server Liberty. In PH50863:IBM WebSphere Application Server Liberty is vulnerable to a denial of service, which you can find out more about here and which deals with CVE-2023-24998 CVSS 7.5. Then there is PH52739:IBM WebSphere Application Server Liberty is vulnerable to a privilege …

  Read more

• IBM i PTF Guide, Volume 25, Number 15

  April 10, 2023 Doug Bidwell

  It is Spring Break in a lot of places, and also Easter and Passover as we go to press, and so it is not at all surprising that there is not a lot of activity in the IBM i PTF Guide this week. We took the opportunity to retire 7.2 worksheet, check the archives, and, DLB_PTF_04/01/23_B25N14.XLS for the last worksheet. Any changes to V7R2 going forward will be detailed here instead of the Guide.

  There are High Impact/Pervasive tweaks for all currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – and a fix list …

  Read more

• IBM i PTF Guide, Volume 25, Number 14

  April 3, 2023 Doug Bidwell

  The IBM i 7.4 Technology Refresh 8 marker PTF is out, and we see it in HTTP Server Group 26. Nothing special so far, just the indication that it is out, but nothing on 7.3 or 7.5 groups, yet – only 7.4. Thank you, Jozef in New Zealand, for catching that, and sharing it! The Four Hundred collective thinks the IBM i TRs might be coming on April 11, but that has not been confirmed by Big Blue as yet.

  We mostly suspect this will happen because that is when ITJ Editor Alex Woodie scheduled a trip to Hawaii with …

  Read more

• IBM i PTF Guide, Volume 25, Number 13

  March 27, 2023 Doug Bidwell

  This week, the IBM i community has to take a look at two new security vulnerabilities. There are PTF updates for IBM Navigator for it that you need to look at. The updated details for the PTFs for Navigator for i are in the link in the ACS_NAV worksheet. And there is also a defective PTF you probably need to take a look at, too.

  Now, on to the security vulnerabilities.

  First, there is Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283), which you can find out more about here. For …

  Read more

• IBM i PTF Guide, Volume 25, Number 12

  March 22, 2023 Doug Bidwell

  We are always on the hunt for something new, but sometimes we find something that is not new but is new to us and maybe you, too. Here is a case in point: The IBM i 7.4 section on the IBM documentation site was last updated in the last half of the year 2021 and now describes the enhancements made to ILE RPG after 7.4 with PTFs. You can see it here. Also, we wanted to point out that we have re-organized the ACS_NAV worksheet contents, adding a bunch of links to documents and several YouTube links. That is …

  Read more

• IBM i PTF Guide, Volume 25, Number 11

  March 15, 2023 Doug Bidwell

  Even when there is not a lot going in with PTF Groups or security vulnerabilities or other things with the IBM i platform, there is always something going on with the IBM i PTF Guide. This week is a slow one, and so that gave us time to catch up on the links embedded within the Guide. Keep an eye out for them next week and also for a video log for Access Client Services.

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.5:

  • HIPERs (High Impact/Pervasive)

  PTF …

  Read more

• IBM i PTF Guide, Volume 25, Number 10

  March 13, 2023 Doug Bidwell

  Here is what is new this week: Fixes. To be specific: Long Term Support release: 9.2.0.10 client install image for IBM MQ on IBM i release level: 9.2.0.10-IBM-MQC-IBM_i. IBM MQ is also known as WebSphere MQ also known as MQ Series, and it is the message queuing middleware that Big Blue has been selling since 1993. Yup, that is 30 years ago, and this tool is one of the foundations of the microservices movement. It is Kafka-esque. Or, more precisely, Kafka is MQ-esque.

  Anyway, here is the rundown of PTF Groups by IBM i release level since we last …

  Read more

• IBM i PTF Guide, Volume 25, Number 9

  March 6, 2023 Doug Bidwell

  We are still playing catch up and will be back in synch soon. We wanted to remind you about an important bug issue, which is ADMIN4 Job Terminates Suddenly When A User Profile Without *ALLOBJ and *IOSYSCFG Authority Accesses the IBM Web Administration GUI, which you can look at here.

  This issue is introduced after applying the following IBM i HTTP Group PTF levels:

  • IBM i 7.5: SF99952 level 5
  • IBM i 7.4: SF99662 level 25
  • IBM i 7.3: SF99722 level 42

  Download and apply the following 5770-SS1 PTF to prevent the ADMIN4 job from ending suddenly. The PTF …

  Read more

• IBM i PTF Guide, Volume 25, Number 8

  February 27, 2023 Doug Bidwell

  We are playing catch up a bit here at the IBM i PTF Guide, and apologies for that but it goes that way sometime. There are a bunch of security vulnerabilities that you need to be aware of, including one that covers systems software not from IBM, as we usually track, but file transfer software from Forta (formerly known as HelpSystems). We are going to be keeping a closer eye on third party software security bulletins going forward.

  So first, we have CVE-2023-0669, which explains that GoAnywhere MFT from Fortra (formerly HelpSystems) suffers from a pre-authentication command injection …

  Read more

Previous Articles Next Articles